Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question. Don’t forget to select tags to help index your topic!
1. Describe your incident:
graylog service on linux starts, but port 9000 is not opened for listening.
server.log contains errors:
ERROR [LinuxFileSystem] Failed to get file counts from statvfs. Could not initialize class com.sun.jna.Native
2. Describe your environment:
OS Information:
linux redhat 8.6
Package Version:
latest 4.2.11
Service logs, configurations, and environment variables:
3. What steps have you already taken to try and solve the problem?
4. How can the community help?
Is there some parameter or variable, that points graylog to different tmp folder?
Or only solution is to remove noexec from /tmp in /etc/fstab?
Elastic has Djava.io.tmpdir - is there graylog equivalent that does the same?
By chance do you have Selinux enforced or enabled or perhaps a firewall?
Did you check permissions on Graylog’s files/folders?
EDIT:
&&
If the Web UI does not show logon info it might be do to Graylog configuration file, even thou Elasticsearch might be incorrect or failed its possible to see the logon page. Example , I stopped elasticsearch service.
[root@graylog bin]# systemctl stop elasticsearch
[root@graylog bin]# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Mon 2022-08-08 22:32:53 CDT; 1min 2s ago
Docs: https://www.elastic.co
Process: 1068 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=143)
Main PID: 1068 (code=exited, status=143)
Aug 08 22:32:49 graylog.enseva-labs.net systemd[1]: Stopping Elasticsearch...
Aug 08 22:32:53 graylog.enseva-labs.net systemd[1]: Stopped Elasticsearch.
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
[root@graylog bin]#
Here is my Web UI, as you can see I’m still logged in.
Selinux was disabled, machine rebooted.
I had 2 other working graylog machines with very similar config and compared them one config file at a time, all was good.
I RESOLVED the issue by removing “noexec” from /tmp in /etc/fstab, all started working correctly immediately after that.
I am asking if that noexec can stay in place, but graylog use different temp folder?
Put back noexec next to /tmp in /etc/fstab, same error after reboot.
2022-08-09T08:04:29.190Z ERROR [LinuxFileSystem] Failed to get file counts from statvfs. /tmp/jna18227291494596980113.tmp: /tmp/jna18227291494596980113.tmp: failed to map segment from shared object
2022-08-09T08:04:29.191Z ERROR [LinuxFileSystem] Failed to get file counts from statvfs. Could not initialize class com.sun.jna.Native
2022-08-09T08:04:29.192Z ERROR [LinuxFileSystem] Failed to get file counts from statvfs. Could not initialize class com.sun.jna.Native
2022-08-09T08:04:29.192Z ERROR [LinuxFileSystem] Failed to get file counts from statvfs. Could not initialize class com.sun.jna.Native
2022-08-09T08:04:29.192Z ERROR [LinuxFileSystem] Failed to get file counts from statvfs. Could not initialize class com.sun.jna.Native
2022-08-09T08:04:29.192Z ERROR [LinuxFileSystem] Failed to get file counts from statvfs. Could not initialize class com.sun.jna.Native
2022-08-09T08:04:29.192Z ERROR [LinuxFileSystem] Failed to get file counts from statvfs. Could not initialize class com.sun.jna.Native
2022-08-09T08:04:29.192Z ERROR [LinuxFileSystem] Failed to get file counts from statvfs. Could not initialize class com.sun.jna.Native
2022-08-09T08:04:29.534Z ERROR [CmdLineTool] Guice error (more detail on log level debug): java.lang.NoClassDefFoundError: Could not initialize class com.sun.jna.Native
Added this line in /etc/sysconfig/graylog-server and all works nicely. GRAYLOG_SERVER_JAVA_OPTS="$GRAYLOG_SERVER_JAVA_OPTS -Djava.io.tmpdir=/var/graylog/tmp"
ls -la /var/graylog/tmp
total 0
drwxr-x--- 2 graylog graylog 6 Aug 9 08:32 .
drwxr-x--- 3 graylog graylog 17 Aug 9 08:25 ..
Awesome,
To be honest I never had to configure fstab since I’ve been using Graylog.
One of my main problems were permissions/access these were the only command I had to use.
root# chown graylog:graylog -R /etc/graylog/
And
root# chmod +x dir/
Glad you found the issue, if you could mark this as resolved for future searches that would be great.
